Matthew H. Meade
Chair, Cybersecurity, Data Protection & Privacy
Matt Meade concentrates his practice in the area of data security providing advice to clients regarding data breaches, information and records management, and other areas concerning data security. Matt helps clients identify business risks associated with the use and storage of sensitive information. He regularly guides clients through security incident investigations, analysis, communications, and, if necessary, responding to regulatory inquiries and litigation. He advises clients on security breach notification laws and other U.S. state and federal data security requirements (including laws regarding disposal of records). Matt drafts agreements addressing issues related to data use, privacy, and security. He also prepares document retention and management policies and develops associated training programs.
Matt speaks and writes regularly on data security matters and serves on The Sedona Conference Working Group Series Leadership Council, after previously serving on the Steering Committee for Working Group II on Data Security and Privacy, through which lawyers, judges, policy makers, security experts, technologists, and business leaders work together to identify and develop principles and best practices to constructively resolve issues surrounding data security and privacy liability. Matt has served as a Co-Chair of the ABA’s First, Second, and Third Annual National Cybersecurity Institute (2016-2018).
- Advised numerous entitles, including healthcare providers, manufacturers, retailers, schools, financial services companies, county governments and collection agency on information security breach notification procedures and development of post breach corrective action plans.
- Coordinated response to multi-state security breaches, ransomware, and hacking incidents with local and federal law enforcement, and United States Attorney.
- Performed comprehensive review and subsequent revisions of all security policies for leading hospitality provider and then provided data security training to managers and executives on subjects covered in policies.
- On behalf of a healthcare automation solutions provider, obtained dismissal of claims arising from the theft of an employee’s laptop computer containing protected health information, on grounds that court lacked subject matter jurisdiction because plaintiff failed to adequately allege injury-in-fact.
- Conducted employee cyber training sessions in hospitality, education, healthcare, manufacturing, insurance, and financial sectors.
- Organized, ran, and oversaw tabletop mock data breach scenarios for multiple organizations including universities, energy companies, banks, insurance companies, and healthcare organizations.
- Developed cyber training for board of directors of community bank and manufacturing company.
- Conducted comprehensive review of security implications of agent agreements for provider of homeowner’s insurance.
- Prepared and reviewed company security policies including Written Information Security Programs, document management, and incident response plans.
- Coordinated internal investigations of healthcare data breaches, subsequent patient notice, communication with the Department of Health & Human Services Office of Civil Rights (“OCR”) and development of corrective steps. OCR closed the case taking no further action and noting the voluntary compliance efforts of the entity.
- Prepared and reviewed company policies including Written Information Security Programs, document management, social networking and incident response.
- Conducted internal investigation of processes and procedures of professional sports league, including analysis of discipline by league of teams, coaches and players, and of document management policy.
- Conducted an internal investigation of a large-scale data leak of personnel information at a Fortune 100 Corporation; interviewing relevant employees and preparing a report and recommendations for the Executive Board.
- Advised clients on proper security measures in connection with employee and customer personal information.
- Pennsylvania Bar Association
- New York Bar Association
- American Bar Association National Institute on Cybersecurity, Co-Chair
- The Sedona Conference Working Group Series Leadership Council, Member
- The Sedona Conference Working Group 11 on Data Security and Privacy Liability
- Leader of Model Data Breach Notification Law Brainstorming Group
- Former Steering Committee Member
- Carnegie Mellon University CISO-Executive Program, Faculty Member
- Children’s Museum of Pittsburgh, Board Member
- Chuck Cooper Foundation, Vice President and Board Member
- Yale Day of Service, Co-Chair
Awards and Recognition:
- Selected for inclusion in The Best Lawyers in America – Privacy and Data Security Law (2017 – 2024) and Commercial Litigation (2015 – 2021, 2023-2024)
News and Insights
- “State Privacy Bingo,” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, August 2023.
- “New Privacy Civil Litigation Trends in the United States,” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, June 28, 2023.
- “Proposed SEC Cybersecurity Risk Governance Rules for Public Companies,” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, June 27, 2023.
- “The New Colorado and California Privacy Regulations Are Finalized: How Do They Compare?” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, April 25, 2023.
- “Final NYC Rules on the Use of Automated Employment Decision Tools Published – Enforcement Delayed until July 5, 2023,” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, April 25, 2023.
- “U.S. Department of Treasury Reports Highlights Pitfalls of Using Cloud Platforms: Treasury Sets Up New Interagency Cloud Services Steering Committee,” Eckert Seamans’ Cybersecurity, Data Protection & Privacy Update, February 2023.
- “Massachusetts Gaming Commission Issues Emergency Privacy and Security Regulations on the Gaming and Sports Betting Industry,” Eckert Seamans’ Legal Update, February 13, 2023.
- “Joint Cybersecurity Advisory issued by FBI, FDA OCI, and USDA Warns Food & Agriculture Sector About Increase in Business Email Compromise Scams to Divert Shipments of Food Products,” co-author, Eckert Seamans Data Privacy & Security Update, December 2022.
- “DHS’s Cybersecurity and Infrastructure Security Agency Seeking Guidance on Critical Infrastructure Cyber Reporting,“ Eckert Seamans’ Data Security & Privacy Alert, October 2022, also appeared in the Fall 2022 Construction Law Update.
- “Pennsylvania Amends its Breach of Personal Information Notification Act,” Eckert Seamans’ Data Privacy & Security Update, November 2022.
- “Incident Response Plan – An Indispensable Tool for Cyber Preparedness,” published in The Authority, a publication of the Pennsylvania Municipal Authorities Association, October 2022.
- “FBI Tips to Protect Against Cyber Threats to Medical Devices,” co-author, Eckert Seamans’ Data Security & Privacy Alert, September 2022.
- “Updated Joint Guidance on the Application of FERPA and HIPAA to Student Health Records,” Eckert Seamans’ Data Security & Privacy Alert, February 2020.
- “When poor vendor vetting leads to exposed health data,” The Parallax View, May 7, 2021.
- Radio interview with Lynn Hayes-Freeland about Cyber Monday: 7 tips for safer online shopping, 1020 KDKA, December 2, 2019.
- “Eckert Seamans Hires Buchanan Ingersoll Cybersecurity Vet,” Law360, September 2018.
- “Lessons and Trends from FTC’s 2017 Privacy and Data Security Update: Workshops and Guidance (Part Two of Two),” The Cybersecurity Law Report, February 2018.
- “Lessons and Trends from FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two),” The Cybersecurity Law Report, January 2018.
- “Eckert Seamans’ Matthew Meade named to lead group charged with drafting new model data breach notification law,” January 2019.
- “Cybersecurity: Data Security and You,” presented during the County Commissioners Association of Pennsylvania (CCAP) Insurance Programs’ Defense Counsel Meeting, October 2023.
- “Preparing for the inevitable: Cyber Security Issues Surrounding Responding to Ransomware Attacks,” presented at the Eckert Seamans’ Joel Lennen Legal Primer, August 2023.
- “The Sedona Conference Commentary on Proposed Model Data Breach Notification Law,” webinar moderator, July 2023.
- “Breach Coach: Working with Outside Counsel,” presented at the Data Breaches: A Primer for County Attorneys program co-sponsored by Minnesota Counties Intergovernmental Trust and Minnesota County Attorneys Association, March 2023.
- “Preparing for the Inevitable: A Practical Guide to Cyber Incident Response,” presented to the Idaho Association of Counties 2022 Annual Conference in Downtown Boise, September 2022.
- “The GDPR in Higher Education,” webinar presentation with the National Cyber Forensics & Training Alliance to colleges and universities across the Commonwealth of Pennsylvania, December 2021.
- “Is Cyber Insurance Coverage Holding Local Government Ransom?” panel presenter to the National Association of Counties, October 2021.
- “Legal Issues Associated with Responding to and Remediating a Cyber Attack,” also presented “Interactive Cyber Incident Exercises” for the County Commissioners Association of Pennsylvania program, KEYS: The Anatomy of a Cyber Claim, May 2021.
- “Practice Makes Perfect: A Proactive Approach to Cybersecurity,” presenter, Eckert Seamans’ Legal Primer Series (Part 1), April 14, 2021. (recording)
- “Executive Roundtable on Regulations and Privacy,” panelist, Converge20, October 2020.
- “Model data breach notification law,” panelist, The Sedona Conference Working Group 11 Midyear Meeting 2020, September 2020.
- “Privacy Update,” Pennsylvania Bar Institute Cyberlaw Update 2020, September 2020.
- “Anatomy of a Data Breach,” panelist, TextIQ’s The Inevitable 2020 webinar series, September 2020.
- “Data Breach Scenario Panel” Moderator and panel presenter at the 2019 Cyber Law and Privacy Symposium, Hosted by Carnegie Mellon University, May 2019.
- “News You Can Use: A review of recent judicial, legislative, and regulatory developments of significance to employers,” co-presented at Eckert Seamans’ Human Resources Forum, April 2019.
- “The Net without Neutrality: Economic, Regulatory, and Informational Access Impacts,” co-presenter, University of Pittsburgh Law Review 80th Publishing Anniversary Symposium, March 2019.
- “Cybersecurity: An Analysis of the Legal Landscape and Best Practices,” presenter, Eckert Seamans’ Continuing Legal Education Seminar, August 2018.
- “Interactive Breach Scenarios,” presented at the NetDiligence Cyber Risk Summit, June 2018.
- “Practice Makes Perfect: A Proactive Approach to Cybersecurity in an Interconnected Hotel Industry” presented at the Hotel & Lodging Legal Summit at Georgetown University Law Center, October 2017.
- “Cybersecurity: There ARE Things Lawyers Can and Should Do,” CLE presentation, October 2017.
- “You’ve Got Hacked: How to protect yourself against campaign data security dangers and liabilities,” panel presentation at the American Association of Political Consultants’ 2017 Annual Pollie Awards & Conference, March 2017.